
Recent fake adobe redirects, after help here. ? if router could be the source


  • This topic is locked
14 replies to this topic

#1 Tiredmaiden

  • Members
  • 22 posts
  • Gender:Not Telling
  • Location:Eastern USA
  • Local time:10:50 PM

Posted 21 November 2016 - 12:19 AM

Hello.

 

Not sure if this current problem is still connected to the issues I sought help with here, back in the September 16, 2016 topic "Redirects, Windows Diagnostics = (virus-alert-e1ed3.online....": http://www.bleepingcomputer.com/forums/t/627049/redirects-windows-diagnostics-virus-alert-e1ed3onlin/page-1

 

Before I detail what is currently happening, I went back to look at screenshots I keep from any unusual messages, redirects...any odd activity, and I was surprised to see that on the date everything seemed or was deemed as resolved, I had made note of something...I'm assuming it was much later in the day, (don't remember what or why I didn't follow up) and there was a message "closed webpage" while I was trying to go back to "bleepingcomputer."  That was on 09/20/2016, and then the following day, a redirect to a scam 'error' page with the audible alert.  Ah, I now remember why I didn't follow up....family medical emergency & was not home for over a week thus, no use of PC!  

 

Some of the other issues mentioned in my original topic seemed to have been resolved...high CPU & Memory usage, etc. But on 10/2/2016 the first fake Adobe Flash Player update redirect. At first, I went to Adobe's site to look for any info since it was obvious by the URL & the redirect that this couldn't be legitimate. There was a post in their forum that seemed to fit, and if you view the thread, you will see why I posted my first screenshot in response to another person who had posted: https://forums.adobe.com/thread/2202768. It may be easiest to see my posts (I am "cs........") and how the "STAFF" members replied...first suggesting to seek assistance here. There was another redirect to the same-looking page - different strange URL - on 10/25/2016 & the most recent a few days ago on 11/18/2016. Besides having Windows Defender, I run on-demand MBAM & SAS on a regular basis...more so after odd activity. I think I ran HouseCall within the past few days...getting too confusing. Oddly, yesterday while trying to decide what to do next, I had a tab open to read something on Norton's support site regarding redirects, and then opened a new tab to come over to bleepingcomputer. Almost as if someone knew what I was doing, Internet Explorer gave me the "Not Responding." It was late, I was frustrated....perhaps it is worse because there is no odd activity or anything showing up or being blocked by security software & scanners for days, and then suddenly, there is a new single occurrence. I had changed passwords, I am very careful about sites I visit, never click on any ads, very little video and even on the rare occasion, I make sure it is a trusted source, keep system updated - including router firmware....just don't know what to do from here?
In the Adobe forum thread (above) the Staff member made a suggestion about installing Microsoft's EMET or upgrading to Windows 10 (which I have on a laptop, and hate...due to the intrusive ads), and I'm not comfortable doing anything until I consult with a pro here.

 

I did run FRST...logs as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by maide_000 (administrator) on UPSTAIRS2015 (20-11-2016 17:43:10)
Running from C:\Users\maide_000\Desktop
Loaded Profiles: C & maide_000 (Available Profiles: C & maide_000 & vette_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINOE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINOE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe\Map.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Insecure.Org) C:\Program Files (x86)\Trend Micro\DRScanner\nmap\nmap.exe
(Insecure.Org) C:\Program Files (x86)\Trend Micro\DRScanner\nmap\nmap.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392592 2015-03-31] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-3412248325-257921828-2620446140-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3412248325-257921828-2620446140-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-10-21] (SUPERAntiSpyware)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-06-09]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-06-09]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C5A01EE-7A62-40D4-A80B-8FBEE1AD47E8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BCE2F20-9ECB-42A2-87A9-1558679AF5D5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C9ADFC0-0B48-483F-8E65-BC8763B6B8B0}: [DhcpNameServer] 192.168.44.1

Internet Explorer:
==================
HKU\S-1-5-21-3412248325-257921828-2620446140-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1001 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1001 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
Toolbar: HKU\S-1-5-21-3412248325-257921828-2620446140-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 17:43 - 2016-11-20 17:43 - 00015489 _____ C:\Users\maide_000\Desktop\FRST.txt
2016-11-20 17:41 - 2016-11-20 17:43 - 00000000 ____D C:\FRST
2016-11-20 17:39 - 2016-11-20 17:39 - 02412544 _____ (Farbar) C:\Users\maide_000\Desktop\FRST64.exe
2016-11-20 16:57 - 2016-11-20 16:57 - 00000000 ___RD C:\Users\maide_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-19 21:03 - 2016-11-20 15:54 - 00000000 ____D C:\Users\maide_000\AppData\Roaming\Skype
2016-11-19 21:03 - 2016-11-19 21:03 - 00000000 ____D C:\Users\maide_000\Tracing
2016-11-18 19:39 - 2016-11-18 19:39 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2016-11-17 20:35 - 2016-11-17 20:35 - 00000000 ___RD C:\Users\vette_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-17 14:59 - 2016-11-17 15:00 - 00000000 ____D C:\Users\vette_000\Desktop\eMusic
2016-11-17 14:16 - 2016-11-17 14:16 - 00000000 ____D C:\Windows\LastGood
2016-11-17 14:11 - 2016-11-17 14:11 - 00000000 ____D C:\Users\vette_000\AppData\Roaming\Canon
2016-11-16 20:29 - 2016-11-16 20:29 - 00000282 _____ C:\Users\C\Desktop\Medigap & Medicare Advantage Plans  Medicare.gov.url
2016-11-16 20:29 - 2016-11-16 20:29 - 00000262 _____ C:\Users\C\Desktop\Medigap vs. Medicare Advantage Plan - Which is Best Medicare Supplemen... - AARP.url
2016-11-16 01:11 - 2016-10-28 16:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-16 01:11 - 2016-10-28 16:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-15 15:15 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-15 15:15 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-15 15:15 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-15 15:15 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-15 15:15 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-15 15:15 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-15 15:15 - 2016-10-07 20:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-15 15:15 - 2016-10-07 20:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-15 15:15 - 2016-10-04 15:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-15 15:14 - 2016-11-02 15:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-15 15:14 - 2016-11-02 15:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-15 15:14 - 2016-11-02 09:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-15 15:14 - 2016-11-02 09:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-15 15:14 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-15 15:14 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-15 15:14 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-15 15:14 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-15 15:14 - 2016-10-27 13:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-15 15:14 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-15 15:14 - 2016-10-27 12:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-15 15:14 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-15 15:14 - 2016-10-27 12:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-15 15:14 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-15 15:14 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-15 15:14 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-15 15:14 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-15 15:14 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-15 15:14 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-15 15:14 - 2016-10-25 09:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-15 15:14 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-15 15:14 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-15 15:14 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-15 15:14 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-15 15:14 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-15 15:14 - 2016-10-22 11:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-15 15:14 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-15 15:14 - 2016-10-22 11:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-15 15:14 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-15 15:14 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-15 15:14 - 2016-10-22 11:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-15 15:14 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-15 15:14 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-15 15:14 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-15 15:14 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-15 15:14 - 2016-10-13 14:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-15 15:14 - 2016-10-13 14:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-15 15:14 - 2016-10-12 03:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-15 15:14 - 2016-10-11 15:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-15 15:14 - 2016-10-11 15:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-15 15:14 - 2016-10-11 13:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-15 15:14 - 2016-10-11 12:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-15 15:14 - 2016-10-11 11:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-15 15:14 - 2016-10-10 16:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-15 15:14 - 2016-10-10 16:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-15 15:14 - 2016-10-09 17:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-15 15:14 - 2016-10-08 18:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-15 15:14 - 2016-10-08 17:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-15 15:14 - 2016-10-08 17:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-15 15:14 - 2016-10-08 17:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-15 15:14 - 2016-10-08 17:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-15 15:14 - 2016-10-08 17:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-15 15:14 - 2016-10-08 16:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-15 15:14 - 2016-10-08 16:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-15 15:14 - 2016-10-04 15:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-15 15:14 - 2016-10-04 15:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-15 15:14 - 2016-10-04 15:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-15 15:14 - 2016-09-09 17:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-11-15 15:14 - 2016-09-09 17:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-15 15:14 - 2016-09-09 09:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-11-15 15:14 - 2016-09-09 09:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-11-15 15:14 - 2016-09-09 09:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-15 15:14 - 2016-09-09 09:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-11-15 15:14 - 2016-09-09 09:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-11-15 15:14 - 2016-09-09 08:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-15 15:14 - 2016-09-03 13:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2016-11-15 15:14 - 2016-09-03 13:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2016-11-15 15:14 - 2016-09-03 12:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2016-11-15 15:14 - 2016-09-03 11:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-11-15 15:14 - 2016-09-03 11:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-15 15:14 - 2016-09-03 10:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-11-15 15:14 - 2016-09-02 09:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-11-15 15:14 - 2016-09-02 09:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-11-15 15:14 - 2016-09-01 09:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-11-15 15:14 - 2016-09-01 09:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-11-15 15:14 - 2016-09-01 09:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-11-15 15:14 - 2016-08-30 09:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-15 15:14 - 2016-08-29 21:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2016-11-15 15:14 - 2016-08-29 21:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-11-15 15:14 - 2016-08-29 21:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-11-15 15:14 - 2016-08-29 21:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-11-15 15:14 - 2016-08-22 08:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-14 15:06 - 2016-11-14 15:06 - 00000000 ____D C:\Users\C\AppData\Roaming\webex
2016-11-14 14:06 - 2016-11-14 15:06 - 00000000 ____D C:\Users\C\AppData\LocalLow\WebEx
2016-11-14 14:06 - 2016-11-14 14:06 - 00487464 _____ C:\Users\C\AppData\LocalLow\Pre3637.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00214471 _____ C:\Users\C\AppData\LocalLow\Pre3C14.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00188168 _____ C:\Users\C\AppData\LocalLow\Pre3106.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00000000 ____D C:\Users\C\AppData\Local\WebEx
2016-11-14 14:06 - 2016-11-14 14:06 - 00000000 ____D C:\ProgramData\WebEx
2016-11-09 18:59 - 2016-11-20 17:34 - 00000000 ____D C:\Program Files\WinPcap
2016-11-09 18:59 - 2016-11-09 18:59 - 00003128 _____ C:\Windows\System32\Tasks\DRScanner Startup
2016-11-09 18:59 - 2016-11-09 18:59 - 00002056 _____ C:\Users\Public\Desktop\HouseCall for Home Networks.lnk
2016-11-09 18:59 - 2016-11-09 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2016-11-09 18:35 - 2016-11-09 18:35 - 00000000 ____D C:\Windows\Trend Micro
2016-11-09 17:38 - 2016-11-09 17:39 - 257311552 _____ C:\Users\C\Downloads\EmsisoftEmergencyKit.exe
2016-11-04 10:58 - 2016-11-04 10:58 - 00000210 _____ C:\Users\C\Desktop\Social Security Online - The Red Book - SSDI Only Employment Supports.url
2016-11-04 10:25 - 2016-11-04 10:25 - 00000159 _____ C:\Users\C\Desktop\The Mental Health Provider’s Role in a Client’s Request for a Reasonable Accommodation at Work.url
2016-11-04 10:25 - 2016-11-04 10:25 - 00000136 _____ C:\Users\C\Desktop\Disability Discrimination.url
2016-10-28 21:13 - 2016-10-28 21:13 - 00000301 _____ C:\Users\C\Desktop\Re Router hacked, DNS servers changed - NETGEAR Communities.url
2016-10-28 17:12 - 2016-10-28 17:12 - 00630508 _____ C:\Users\C\Documents\Chris_Staller12.pdf
2016-10-27 11:22 - 2016-10-27 11:22 - 00000000 ____D C:\Users\C\AppData\LocalLow\Adobe
2016-10-27 11:21 - 2016-10-28 17:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-27 11:20 - 2016-10-27 11:23 - 00000000 ____D C:\ProgramData\Adobe
2016-10-27 11:20 - 2016-10-27 11:20 - 00000000 ____D C:\Users\maide_000\AppData\Local\Adobe
2016-10-27 11:19 - 2016-10-27 11:22 - 00000000 ____D C:\Users\C\AppData\Local\Adobe
2016-10-25 09:32 - 2016-10-25 09:32 - 00322909 _____ C:\Users\vette_000\Downloads\Chris_Staller1.pdf
2016-10-24 14:47 - 2016-10-24 14:47 - 00000221 _____ C:\Users\C\Desktop\Medication Pricing - Pennsylvania Drug Card.url
2016-10-22 18:10 - 2016-10-22 18:10 - 00000231 _____ C:\Users\C\Desktop\Homeownership - NerdWallet.url
2016-10-22 17:56 - 2016-10-22 17:56 - 00000186 _____ C:\Users\C\Desktop\Consumer Financial Protection Bureau.url
2016-10-20 00:09 - 2016-10-20 00:09 - 00000352 _____ C:\Users\C\Desktop\Consumer Intelligence Research Partners - Bing.url
2016-10-19 18:42 - 2016-10-19 18:42 - 00000215 _____ C:\Users\C\Desktop\New Jersey Layoff Laws  Nolo.com.url
2016-10-19 17:23 - 2016-10-19 17:23 - 00000171 _____ C:\Users\C\Desktop\Frequently Asked Questions  Housing and Real Estate.url
2016-10-18 18:44 - 2016-10-18 18:44 - 00000189 _____ C:\Users\C\Desktop\Digital Trends  Technology News and Product Reviews.url
2016-10-18 17:01 - 2016-10-18 17:01 - 00000277 _____ C:\Users\C\Desktop\5 Ways to Answer 'Why Do You Want to Work Here'  On Careers  US News.url
2016-10-18 16:17 - 2016-10-18 16:17 - 00000199 _____ C:\Users\C\Desktop\Why does my Internet back button sometimes not work.url
2016-10-18 15:01 - 2016-10-18 15:01 - 00000000 ____D C:\Users\maide_000\AppData\Local\CEF
2016-10-18 14:59 - 2016-10-18 15:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-10-15 19:22 - 2016-10-15 19:22 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-15 19:22 - 2016-10-15 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-15 19:22 - 2016-10-15 19:22 - 00000000 ____D C:\Users\C\Tracing
2016-10-15 19:22 - 2016-10-15 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-15 19:21 - 2016-10-15 19:22 - 00000000 ____D C:\ProgramData\Skype
2016-10-15 19:20 - 2016-10-15 19:20 - 01461376 _____ (Skype Technologies S.A.) C:\Users\C\Downloads\SkypeSetup.exe
2016-10-13 18:06 - 2016-10-13 18:06 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-13 18:05 - 2016-10-13 18:05 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-13 18:05 - 2016-10-13 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-13 18:05 - 2016-10-13 18:05 - 00000000 ____D C:\Program Files\CCleaner
2016-10-13 17:44 - 2016-10-13 17:44 - 00000000 ____D C:\Users\C\AppData\Local\CEF
2016-10-13 12:16 - 2016-09-30 19:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-13 12:16 - 2016-09-17 13:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-13 12:16 - 2016-09-17 12:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-13 12:16 - 2016-09-13 20:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-13 12:16 - 2016-09-13 20:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-13 12:16 - 2016-09-13 20:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-13 12:16 - 2016-09-13 20:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-13 12:16 - 2016-09-12 17:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-13 12:16 - 2016-09-12 16:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-13 12:16 - 2016-09-08 15:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-13 12:16 - 2016-09-08 09:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-13 12:16 - 2016-09-08 09:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-13 12:16 - 2016-09-07 17:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-13 12:16 - 2016-09-07 16:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-13 12:16 - 2016-09-07 16:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-13 12:16 - 2016-09-07 16:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-13 12:16 - 2016-09-07 16:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-13 12:16 - 2016-08-27 11:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-10-13 12:16 - 2016-08-27 11:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-10-13 12:16 - 2016-08-25 23:41 - 22360280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-13 12:16 - 2016-08-25 23:41 - 19789224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-13 12:16 - 2016-08-25 15:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-10-13 12:16 - 2016-08-25 14:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-10-13 12:16 - 2016-08-20 17:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-13 12:16 - 2016-08-20 17:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-13 12:16 - 2016-08-12 19:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-13 12:16 - 2016-08-12 19:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-10-13 12:16 - 2016-08-12 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-10-13 12:16 - 2016-08-12 19:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-10-13 12:16 - 2016-08-12 17:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-10-13 12:16 - 2016-08-12 17:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-13 12:16 - 2016-08-12 16:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-13 12:16 - 2016-08-12 16:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-10-13 12:16 - 2016-08-12 15:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-13 12:16 - 2016-08-11 20:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-13 12:16 - 2016-08-11 20:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-13 12:16 - 2016-08-11 13:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-10-13 12:16 - 2016-08-11 13:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-10-13 12:16 - 2016-08-11 13:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-10-13 12:16 - 2016-08-11 12:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-10-13 12:16 - 2016-08-11 00:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-10-13 12:16 - 2016-08-03 10:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-10-13 12:16 - 2016-08-03 10:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-13 12:16 - 2016-08-03 10:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-10-13 12:16 - 2016-08-03 10:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-10-13 12:16 - 2016-07-30 12:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-13 12:16 - 2016-07-30 11:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-13 12:16 - 2016-07-26 08:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-10-13 12:16 - 2016-07-26 08:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-10-13 12:16 - 2016-07-23 13:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-10-13 12:16 - 2016-07-23 13:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-10-13 12:16 - 2016-01-24 06:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-10-13 12:16 - 2016-01-24 06:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-10-13 11:12 - 2016-10-13 11:12 - 00000296 _____ C:\Users\C\Desktop\Strength Exercises for Toned Legs and Thighs  Fitness Magazine.url
2016-10-08 14:33 - 2016-10-08 14:33 - 00000192 _____ C:\Users\C\Desktop\Painting the Town Red w Annie Sloan Chalk Paint... Spray Painting That Is... - Salvaged Inspirations.url
2016-10-07 17:04 - 2016-10-07 17:04 - 05737156 _____ C:\Users\C\Documents\PALP-01_12_2016-ALP-COMPLETE.pdf
2016-10-02 16:10 - 2016-10-02 16:10 - 00000209 _____ C:\Users\C\Desktop\Welcome Adobe Community.url
2016-10-02 14:36 - 2016-10-02 14:36 - 00000216 _____ C:\Users\C\Desktop\Flash Player installation and update questions ... Adobe Community.url
2016-09-24 07:11 - 2016-09-24 07:12 - 00000000 ____D C:\Users\C\Desktop\Desktopshortcuts
2016-09-20 13:50 - 2016-09-20 13:50 - 02027520 _____ C:\Users\C\Downloads\WOT-latest-en-x64.msi
2016-09-20 11:31 - 2016-11-20 17:31 - 00000945 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {586CD628-8417-4BF1-BF13-0D0CC6139A5C}.job
2016-09-20 11:31 - 2016-09-20 11:31 - 00003976 _____ C:\Windows\System32\Tasks\EPSON XP-620 Series Update {586CD628-8417-4BF1-BF13-0D0CC6139A5C}
2016-09-20 10:44 - 2016-09-20 10:44 - 00001068 _____ C:\DelFix.txt
2016-09-20 10:44 - 2016-09-20 10:44 - 00000000 ____D C:\Windows\ERUNT
2016-09-18 18:28 - 2016-09-18 18:28 - 00000713 _____ C:\Users\maide_000\Documents\checkup.txt
2016-09-18 16:33 - 2016-09-18 18:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-18 15:36 - 2016-09-18 15:36 - 00047104 ___SH C:\Users\maide_000\Desktop\Thumbs.db
2016-09-18 15:20 - 2016-09-18 15:20 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-09-16 10:21 - 2016-09-16 10:21 - 00000133 _____ C:\Users\C\Documents\virus.txt
2016-09-13 16:48 - 2016-08-20 18:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-09-13 16:48 - 2016-08-20 18:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 16:48 - 2016-08-20 18:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-09-13 16:48 - 2016-08-20 17:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-13 16:48 - 2016-08-20 17:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-13 16:48 - 2016-08-20 17:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-13 16:48 - 2016-08-09 17:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-13 16:48 - 2016-08-09 17:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-13 16:48 - 2016-08-04 09:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 16:48 - 2016-08-03 13:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 16:48 - 2016-08-03 13:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 16:48 - 2016-06-10 22:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-09-13 16:48 - 2016-06-10 22:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-09-13 16:47 - 2016-08-22 11:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 16:47 - 2016-08-22 11:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 16:47 - 2016-08-20 20:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 16:47 - 2016-08-20 20:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 16:47 - 2016-08-20 20:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 16:47 - 2016-08-20 17:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-13 16:47 - 2016-08-14 14:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 16:47 - 2016-08-14 11:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-13 16:47 - 2016-08-13 02:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 16:47 - 2016-08-12 19:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-13 16:47 - 2016-08-11 11:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-13 16:47 - 2016-08-11 11:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-13 16:47 - 2016-08-11 11:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-11 20:31 - 2016-09-11 20:31 - 00094593 _____ C:\Users\C\Downloads\Document 2.pdf
2016-09-05 18:59 - 2016-11-09 18:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-09-05 18:53 - 2016-11-19 21:19 - 01242166 _____ C:\Users\maide_000\AppData\Local\census.cache
2016-09-05 18:52 - 2016-11-19 21:19 - 01004968 _____ C:\Users\maide_000\AppData\Local\ars.cache
2016-09-05 18:50 - 2016-11-09 18:43 - 00000010 _____ C:\Users\maide_000\AppData\Local\sponge.last.runtime.cache
2016-09-05 18:43 - 2016-10-18 16:24 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-05 18:40 - 2016-09-05 18:40 - 00000036 _____ C:\Users\maide_000\AppData\Local\housecall.guid.cache
2016-09-05 05:47 - 2016-09-05 05:47 - 00165504 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2016-09-05 05:47 - 2016-09-05 05:47 - 00131712 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2016-08-29 18:46 - 2016-08-29 18:46 - 00000000 ____D C:\Users\vette_000\AppData\Local\CrashDumps
2016-08-22 17:31 - 2016-08-22 17:32 - 156367864 _____ C:\Users\C\Downloads\MVI_1033.MOV
2016-08-22 13:21 - 2016-08-22 13:21 - 02698925 _____ C:\Users\C\Documents\Part-150-Community-Advisory-Committee-Mtg-1.28.15.pdf

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 17:18 - 2015-06-06 19:48 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1003
2016-11-20 17:18 - 2015-01-16 11:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1001
2016-11-20 17:14 - 2016-05-26 17:14 - 00000945 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {F1AD9835-296F-4BFF-B861-A84484581C9F}.job
2016-11-20 16:57 - 2015-02-02 23:48 - 00000000 ____D C:\Users\maide_000\Documents\Bluetooth Folder
2016-11-20 16:47 - 2015-01-16 11:07 - 00000000 ___DO C:\Users\C\OneDrive
2016-11-20 16:46 - 2015-04-04 19:43 - 00000000 __SHD C:\Users\C\IntelGraphicsProfiles
2016-11-20 16:34 - 2015-08-26 16:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-20 15:59 - 2015-06-06 19:45 - 00000000 ___DO C:\Users\maide_000\OneDrive
2016-11-20 15:44 - 2015-02-02 23:37 - 00000000 ____D C:\Users\maide_000\AppData\Local\Packages
2016-11-20 15:44 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-20 15:39 - 2015-06-06 19:42 - 00000000 __SHD C:\Users\maide_000\IntelGraphicsProfiles
2016-11-19 21:03 - 2015-01-22 05:59 - 00000000 ____D C:\Users\maide_000
2016-11-18 19:39 - 2014-06-25 13:01 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-18 19:39 - 2014-06-25 12:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-11-18 13:29 - 2015-01-16 10:59 - 00000000 ____D C:\Users\C\AppData\Local\Packages
2016-11-17 20:35 - 2015-02-01 16:03 - 00000000 ___RD C:\Users\vette_000\OneDrive
2016-11-17 20:34 - 2015-06-12 19:10 - 00000000 __SHD C:\Users\vette_000\IntelGraphicsProfiles
2016-11-17 14:48 - 2015-02-01 16:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1006
2016-11-17 14:16 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-11-16 20:47 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-11-16 01:13 - 2014-06-25 12:57 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-11-16 01:11 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-16 01:11 - 2013-08-22 09:44 - 00346744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-16 01:09 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-11-16 01:06 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-15 15:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-15 15:51 - 2015-01-16 12:23 - 00000000 ____D C:\Windows\system32\MRT
2016-11-15 15:48 - 2015-01-16 12:23 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-14 15:12 - 2015-06-03 15:47 - 00023552 ___SH C:\Users\C\Documents\Thumbs.db
2016-11-09 11:08 - 2015-08-26 16:36 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-08 12:25 - 2015-04-08 16:34 - 00000000 ____D C:\Users\C\AppData\Local\CrashDumps
2016-11-05 18:36 - 2015-01-22 07:47 - 00000000 ____D C:\Users\maide_000\AppData\Local\ElevatedDiagnostics
2016-10-27 20:22 - 2015-04-03 21:22 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 11:22 - 2015-01-16 10:59 - 00000000 ____D C:\Users\C\AppData\Roaming\Adobe
2016-10-25 15:05 - 2015-05-29 19:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2016-09-05 18:52 - 2016-11-19 21:19 - 1004968 _____ () C:\Users\maide_000\AppData\Local\ars.cache
2016-09-05 18:53 - 2016-11-19 21:19 - 1242166 _____ () C:\Users\maide_000\AppData\Local\census.cache
2016-09-05 18:40 - 2016-09-05 18:40 - 0000036 _____ () C:\Users\maide_000\AppData\Local\housecall.guid.cache
2016-02-22 14:22 - 2016-06-19 16:17 - 0007601 _____ () C:\Users\maide_000\AppData\Local\Resmon.ResmonCfg
2016-09-05 18:50 - 2016-11-09 18:43 - 0000010 _____ () C:\Users\maide_000\AppData\Local\sponge.last.runtime.cache
2014-06-25 12:52 - 2014-06-25 12:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-27 14:00 - 2016-06-27 14:00 - 0001100 _____ () C:\ProgramData\ResPntListUNI.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-09 13:21

==================== End of FRST.txt ============================

 


 


#2 HelpBot


Posted 26 November 2016 - 12:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632705 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tiredmaiden


Posted 26 November 2016 - 09:11 PM

Since my initial post on 11/21/2016, I had problems with my wifi printer and had to uninstall & reinstall. Then, suddenly, all wifi devices could no longer connect to the network, and it took a few days of troubleshooting, running tools, power cycling the modem and router, and ultimately one more reset of the router got everything connected a day or two ago. This only makes me wonder more if there is actually an issue with the router, which is a Netgear N600 series, which I believe was mentioned along with other brands a few years ago as being vulnerable to malicious activity.

I do want to mention, in case it is relevant (this is in addition to the info in my initial post), that in the article on this site's homepage titled "Facebook and LinkedIn Spam Campaign Spreads Locky Ransomware," there is mention of "HTA" files. Before the fake Adobe redirects, I had never heard of such a file. When I sent the screenshots of the redirect pages to Adobe, I noted that the 'update' file it wanted to download was "FlashPlayer.hta." In the thread over at Adobe, they had acknowledged that they had received many reports of this. I never downloaded any fake updates (again, my original post has more info on that - I do not want to dump any unnecessary info on anyone who helps me with this problem).

One more note: if a problem is finally found (as this may be part of the same issue referenced in my first post), I would like to install a full security suite...thinking of Kaspersky, in the hopes of keeping not only the wired PC, which is the current problem, but also all of my wireless devices a little 'safer' if possible.
 
Thank you in advance for assistance!
 
Here are my most recent FRST scan results:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by maide_000 (administrator) on UPSTAIRS2015 (26-11-2016 20:21:45)
Running from C:\Users\maide_000\Desktop
Loaded Profiles: maide_000 (Available Profiles: C & maide_000 & vette_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINOE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINOE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392592 2015-03-31] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] (Qualcomm®Atheros®)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-06-09]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-06-09]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C5A01EE-7A62-40D4-A80B-8FBEE1AD47E8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BCE2F20-9ECB-42A2-87A9-1558679AF5D5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C9ADFC0-0B48-483F-8E65-BC8763B6B8B0}: [DhcpNameServer] 192.168.44.1

Internet Explorer:
==================
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider) [File not signed]
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 20:21 - 2016-11-26 20:22 - 00012965 _____ C:\Users\maide_000\Desktop\FRST.txt
2016-11-26 20:20 - 2016-11-26 20:20 - 02412032 _____ (Farbar) C:\Users\maide_000\Desktop\FRST64.exe
2016-11-26 20:18 - 2016-11-26 20:18 - 00000000 ___RD C:\Users\maide_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-26 19:50 - 2016-11-26 19:50 - 00000000 ___RD C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-26 18:27 - 2016-11-26 18:27 - 00000217 _____ C:\Users\maide_000\Desktop\Main sources of threats penetration.url
2016-11-26 18:20 - 2016-11-26 18:20 - 00000204 _____ C:\Users\maide_000\Desktop\Kaspersky Lab Technical Support#s_tab2.url
2016-11-25 01:08 - 2016-11-25 01:08 - 00000252 _____ C:\Users\C\Desktop\Buy Internet Security & Antivirus Software  Kaspersky Lab US.url
2016-11-25 00:10 - 2016-11-25 00:10 - 00000276 _____ C:\Users\C\Desktop\denial of service - Is it safe to ignore DoS attacks on my router - Information Security Stack Exchange.url
2016-11-24 23:06 - 2016-11-24 23:06 - 00065560 _____ C:\Users\C\Downloads\NETGEAR_WNDR3400v2.cfg
2016-11-22 21:24 - 2016-11-22 21:24 - 00000316 _____ C:\Users\maide_000\Desktop\Cannot connect to wireless network after changing the wireless settings or Wi-Fi passphrase on router  Answer  NETGEAR Support.url
2016-11-22 21:23 - 2016-11-22 21:23 - 00000259 _____ C:\Users\maide_000\Desktop\Some devices won't connect to home wifi. - Wireless Networking.url
2016-11-22 20:33 - 2016-11-22 20:33 - 00000242 _____ C:\Users\maide_000\Desktop\How to Power Cycle Your Home Network  Answer  NETGEAR Support.url
2016-11-22 20:33 - 2016-11-22 20:33 - 00000152 _____ C:\Users\maide_000\Desktop\RCN Knowledgebase.url
2016-11-22 20:31 - 2016-11-22 20:31 - 00000239 _____ C:\Users\maide_000\Desktop\Performing a full reset of cable modem with battery backup  Answer  NETGEAR Support.url
2016-11-22 17:28 - 2016-11-22 17:28 - 00000279 _____ C:\Users\maide_000\Desktop\Printer Setup on Wireless Network and Checklist for Printer Networking for Windows 7  Dell US.url
2016-11-22 16:24 - 2016-11-22 16:24 - 00000000 ____D C:\Users\maide_000\AppData\LocalLow\PCDr
2016-11-22 16:23 - 2016-11-23 17:29 - 00000000 ____D C:\Program Files\Dell Support Center
2016-11-22 16:19 - 2016-11-23 17:32 - 00000000 ____D C:\Users\maide_000\AppData\Local\Apps\2.0
2016-11-22 16:19 - 2016-11-22 16:20 - 00000000 ____D C:\Users\maide_000\AppData\Local\Deployment
2016-11-21 19:27 - 2016-11-21 19:27 - 00000000 ____D C:\Program Files\EPSON
2016-11-20 17:41 - 2016-11-26 20:21 - 00000000 ____D C:\FRST
2016-11-19 21:03 - 2016-11-26 16:18 - 00000000 ____D C:\Users\maide_000\AppData\Roaming\Skype
2016-11-19 21:03 - 2016-11-19 21:03 - 00000000 ____D C:\Users\maide_000\Tracing
2016-11-18 19:39 - 2016-11-18 19:39 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2016-11-17 20:35 - 2016-11-17 20:35 - 00000000 ___RD C:\Users\vette_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-17 14:59 - 2016-11-17 15:00 - 00000000 ____D C:\Users\vette_000\Desktop\eMusic
2016-11-17 14:16 - 2016-11-23 17:30 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-11-17 14:11 - 2016-11-17 14:11 - 00000000 ____D C:\Users\vette_000\AppData\Roaming\Canon
2016-11-16 20:29 - 2016-11-16 20:29 - 00000282 _____ C:\Users\C\Desktop\Medigap & Medicare Advantage Plans  Medicare.gov.url
2016-11-16 20:29 - 2016-11-16 20:29 - 00000262 _____ C:\Users\C\Desktop\Medigap vs. Medicare Advantage Plan - Which is Best Medicare Supplemen... - AARP.url
2016-11-16 01:11 - 2016-10-28 16:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-16 01:11 - 2016-10-28 16:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-15 15:15 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-15 15:15 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-15 15:15 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-15 15:15 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-15 15:15 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-15 15:15 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-15 15:15 - 2016-10-07 20:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-15 15:15 - 2016-10-07 20:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-15 15:15 - 2016-10-04 15:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-15 15:14 - 2016-11-02 15:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-15 15:14 - 2016-11-02 15:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-15 15:14 - 2016-11-02 09:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-15 15:14 - 2016-11-02 09:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-15 15:14 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-15 15:14 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-15 15:14 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-15 15:14 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-15 15:14 - 2016-10-27 13:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-15 15:14 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-15 15:14 - 2016-10-27 12:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-15 15:14 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-15 15:14 - 2016-10-27 12:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-15 15:14 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-15 15:14 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-15 15:14 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-15 15:14 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-15 15:14 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-15 15:14 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-15 15:14 - 2016-10-25 09:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-15 15:14 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-15 15:14 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-15 15:14 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-15 15:14 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-15 15:14 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-15 15:14 - 2016-10-22 11:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-15 15:14 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-15 15:14 - 2016-10-22 11:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-15 15:14 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-15 15:14 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-15 15:14 - 2016-10-22 11:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-15 15:14 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-15 15:14 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-15 15:14 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-15 15:14 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-15 15:14 - 2016-10-13 14:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-15 15:14 - 2016-10-13 14:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-15 15:14 - 2016-10-12 03:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-15 15:14 - 2016-10-11 15:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-15 15:14 - 2016-10-11 15:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-15 15:14 - 2016-10-11 13:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-15 15:14 - 2016-10-11 12:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-15 15:14 - 2016-10-11 11:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-15 15:14 - 2016-10-10 16:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-15 15:14 - 2016-10-10 16:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-15 15:14 - 2016-10-09 17:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-15 15:14 - 2016-10-08 18:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-15 15:14 - 2016-10-08 17:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-15 15:14 - 2016-10-08 17:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-15 15:14 - 2016-10-08 17:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-15 15:14 - 2016-10-08 17:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-15 15:14 - 2016-10-08 17:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-15 15:14 - 2016-10-08 16:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-15 15:14 - 2016-10-08 16:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-15 15:14 - 2016-10-04 15:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-15 15:14 - 2016-10-04 15:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-15 15:14 - 2016-10-04 15:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-15 15:14 - 2016-09-09 17:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-11-15 15:14 - 2016-09-09 17:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-11-15 15:14 - 2016-09-09 09:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-11-15 15:14 - 2016-09-09 09:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-11-15 15:14 - 2016-09-09 09:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-15 15:14 - 2016-09-09 09:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2016-11-15 15:14 - 2016-09-09 09:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2016-11-15 15:14 - 2016-09-09 08:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-15 15:14 - 2016-09-03 13:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2016-11-15 15:14 - 2016-09-03 13:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2016-11-15 15:14 - 2016-09-03 12:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2016-11-15 15:14 - 2016-09-03 11:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-11-15 15:14 - 2016-09-03 11:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-11-15 15:14 - 2016-09-03 10:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-11-15 15:14 - 2016-09-02 09:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-11-15 15:14 - 2016-09-02 09:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-11-15 15:14 - 2016-09-01 09:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-11-15 15:14 - 2016-09-01 09:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-11-15 15:14 - 2016-09-01 09:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-11-15 15:14 - 2016-08-30 09:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2016-11-15 15:14 - 2016-08-29 21:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2016-11-15 15:14 - 2016-08-29 21:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-11-15 15:14 - 2016-08-29 21:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-11-15 15:14 - 2016-08-29 21:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-11-15 15:14 - 2016-08-22 08:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-14 15:06 - 2016-11-14 15:06 - 00000000 ____D C:\Users\C\AppData\Roaming\webex
2016-11-14 14:06 - 2016-11-14 15:06 - 00000000 ____D C:\Users\C\AppData\LocalLow\WebEx
2016-11-14 14:06 - 2016-11-14 14:06 - 00487464 _____ C:\Users\C\AppData\LocalLow\Pre3637.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00214471 _____ C:\Users\C\AppData\LocalLow\Pre3C14.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00188168 _____ C:\Users\C\AppData\LocalLow\Pre3106.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00000000 ____D C:\Users\C\AppData\Local\WebEx
2016-11-14 14:06 - 2016-11-14 14:06 - 00000000 ____D C:\ProgramData\WebEx
2016-11-09 18:59 - 2016-11-23 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseCall for Home Networks
2016-11-09 18:35 - 2016-11-09 18:35 - 00000000 ____D C:\Windows\Trend Micro
2016-11-09 17:38 - 2016-11-09 17:39 - 257311552 _____ C:\Users\C\Downloads\EmsisoftEmergencyKit.exe
2016-11-04 10:58 - 2016-11-04 10:58 - 00000210 _____ C:\Users\C\Desktop\Social Security Online - The Red Book - SSDI Only Employment Supports.url
2016-11-04 10:25 - 2016-11-04 10:25 - 00000159 _____ C:\Users\C\Desktop\The Mental Health Providers Role in a Clients Request for a Reasonable Accommodation at Work.url
2016-11-04 10:25 - 2016-11-04 10:25 - 00000136 _____ C:\Users\C\Desktop\Disability Discrimination.url
2016-10-28 17:12 - 2016-10-28 17:12 - 00630508 _____ C:\Users\C\Documents\Chris_Staller12.pdf
2016-10-27 11:22 - 2016-10-27 11:22 - 00000000 ____D C:\Users\C\AppData\LocalLow\Adobe
2016-10-27 11:21 - 2016-10-28 17:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-27 11:20 - 2016-10-27 11:23 - 00000000 ____D C:\ProgramData\Adobe
2016-10-27 11:20 - 2016-10-27 11:20 - 00000000 ____D C:\Users\maide_000\AppData\Local\Adobe
2016-10-27 11:19 - 2016-10-27 11:22 - 00000000 ____D C:\Users\C\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 20:18 - 2015-02-02 23:48 - 00000000 ____D C:\Users\maide_000\Documents\Bluetooth Folder
2016-11-26 20:14 - 2016-05-26 17:14 - 00000945 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {F1AD9835-296F-4BFF-B861-A84484581C9F}.job
2016-11-26 19:57 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2016-11-26 19:54 - 2015-06-06 19:48 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1003
2016-11-26 19:54 - 2015-01-16 11:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1001
2016-11-26 19:49 - 2015-04-04 19:43 - 00000000 __SHD C:\Users\C\IntelGraphicsProfiles
2016-11-26 19:49 - 2015-01-16 11:07 - 00000000 ___DO C:\Users\C\OneDrive
2016-11-26 19:31 - 2016-09-20 11:31 - 00000945 _____ C:\Windows\Tasks\EPSON XP-620 Series Update {586CD628-8417-4BF1-BF13-0D0CC6139A5C}.job
2016-11-26 16:57 - 2015-01-22 07:47 - 00000000 ____D C:\Users\maide_000\AppData\Local\ElevatedDiagnostics
2016-11-26 16:57 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-26 16:18 - 2015-02-02 23:37 - 00000000 ____D C:\Users\maide_000\AppData\Local\Packages
2016-11-26 16:11 - 2016-10-18 14:59 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-26 16:01 - 2015-06-06 19:45 - 00000000 ___DO C:\Users\maide_000\OneDrive
2016-11-26 16:01 - 2015-06-06 19:42 - 00000000 __SHD C:\Users\maide_000\IntelGraphicsProfiles
2016-11-25 01:38 - 2014-06-25 12:57 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-11-25 01:36 - 2016-09-05 18:59 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-11-25 01:36 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-25 01:35 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-11-24 18:22 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-11-24 16:23 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-24 16:20 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-11-23 19:10 - 2015-06-27 01:05 - 00000000 ____D C:\Users\maide_000\AppData\Local\CrashDumps
2016-11-23 18:00 - 2015-08-26 16:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-23 17:45 - 2016-09-05 18:43 - 00000000 ____D C:\ProgramData\Trend Micro
2016-11-23 17:32 - 2015-01-22 05:59 - 00000000 ____D C:\Users\maide_000
2016-11-23 17:31 - 2014-06-25 12:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-11-23 17:30 - 2015-04-03 21:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-11-23 17:30 - 2015-02-01 15:57 - 00000000 ____D C:\Users\vette_000
2016-11-23 17:30 - 2015-01-16 10:59 - 00000000 ____D C:\Users\C
2016-11-23 17:29 - 2016-05-26 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2016-11-23 17:29 - 2016-05-26 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-11-23 17:29 - 2016-05-26 17:11 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-11-23 17:29 - 2015-01-25 20:11 - 00000000 ____D C:\Program Files (x86)\epson
2016-11-23 17:29 - 2015-01-16 11:00 - 00000000 ____D C:\ProgramData\Atheros
2016-11-23 17:29 - 2014-06-25 12:54 - 00000000 ____D C:\ProgramData\PCDr
2016-11-23 17:29 - 2014-06-25 12:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-23 17:18 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\registration
2016-11-23 17:17 - 2016-05-26 17:11 - 00000000 ____D C:\Program Files\EpsonNet
2016-11-23 17:17 - 2015-01-28 18:57 - 00000000 ____D C:\Users\maide_000\AppData\Roaming\PCDr
2016-11-23 17:17 - 2015-01-25 20:10 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-11-23 16:55 - 2015-09-10 14:43 - 00003271 _____ C:\Users\C\Desktop\WNDR3400v2-V1.0.0.52_1.0.81_ReleaseNotes.html
2016-11-23 16:55 - 2015-06-01 07:26 - 06713402 _____ C:\Users\C\Desktop\WNDR3400v2-V1.0.0.52_1.0.81.chk
2016-11-22 16:31 - 2014-06-25 12:59 - 00000000 ____D C:\Temp
2016-11-21 19:27 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 15:09 - 2015-02-02 23:36 - 00000000 ____D C:\Users\maide_000\AppData\Local\VirtualStore
2016-11-19 21:19 - 2016-09-05 18:53 - 01242166 _____ C:\Users\maide_000\AppData\Local\census.cache
2016-11-19 21:19 - 2016-09-05 18:52 - 01004968 _____ C:\Users\maide_000\AppData\Local\ars.cache
2016-11-18 19:39 - 2014-06-25 13:01 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2016-11-18 13:29 - 2015-01-16 10:59 - 00000000 ____D C:\Users\C\AppData\Local\Packages
2016-11-17 20:35 - 2015-02-01 16:03 - 00000000 ___RD C:\Users\vette_000\OneDrive
2016-11-17 20:34 - 2015-06-12 19:10 - 00000000 __SHD C:\Users\vette_000\IntelGraphicsProfiles
2016-11-17 14:48 - 2015-02-01 16:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3412248325-257921828-2620446140-1006
2016-11-16 01:11 - 2013-08-22 09:44 - 00346744 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-16 01:06 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-11-15 15:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-15 15:51 - 2015-01-16 12:23 - 00000000 ____D C:\Windows\system32\MRT
2016-11-15 15:48 - 2015-01-16 12:23 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-14 15:12 - 2015-06-03 15:47 - 00023552 ___SH C:\Users\C\Documents\Thumbs.db
2016-11-09 18:43 - 2016-09-05 18:50 - 00000010 _____ C:\Users\maide_000\AppData\Local\sponge.last.runtime.cache
2016-11-09 11:08 - 2015-08-26 16:36 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-08 12:25 - 2015-04-08 16:34 - 00000000 ____D C:\Users\C\AppData\Local\CrashDumps
2016-10-27 20:22 - 2015-04-03 21:22 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 11:22 - 2015-01-16 10:59 - 00000000 ____D C:\Users\C\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2016-09-05 18:52 - 2016-11-19 21:19 - 1004968 _____ () C:\Users\maide_000\AppData\Local\ars.cache
2016-09-05 18:53 - 2016-11-19 21:19 - 1242166 _____ () C:\Users\maide_000\AppData\Local\census.cache
2016-09-05 18:40 - 2016-09-05 18:40 - 0000036 _____ () C:\Users\maide_000\AppData\Local\housecall.guid.cache
2016-02-22 14:22 - 2016-06-19 16:17 - 0007601 _____ () C:\Users\maide_000\AppData\Local\Resmon.ResmonCfg
2016-09-05 18:50 - 2016-11-09 18:43 - 0000010 _____ () C:\Users\maide_000\AppData\Local\sponge.last.runtime.cache
2014-06-25 12:52 - 2014-06-25 12:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-27 14:00 - 2016-06-27 14:00 - 0001100 _____ () C:\ProgramData\ResPntListUNI.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-21 15:38

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by maide_000 (26-11-2016 20:22:30)
Running from C:\Users\maide_000\Desktop
Windows 8.1 (Update) (X64) (2015-01-16 15:59:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3412248325-257921828-2620446140-500 - Administrator - Disabled)
C (S-1-5-21-3412248325-257921828-2620446140-1001 - Limited - Enabled) => C:\Users\C
Guest (S-1-5-21-3412248325-257921828-2620446140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3412248325-257921828-2620446140-1005 - Limited - Enabled)
maide_000 (S-1-5-21-3412248325-257921828-2620446140-1003 - Administrator - Enabled) => C:\Users\maide_000
vette_000 (S-1-5-21-3412248325-257921828-2620446140-1006 - Limited - Enabled) => C:\Users\vette_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Canon PowerShot SX50 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX50HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.48.1 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Epson Event Manager (HKLM-x32\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.31.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68}) (Version: 4.4.3 - SEIKO EPSON CORPORATION)
EPSON XP-620 Series Printer Uninstall (HKLM\...\EPSON XP-620 Series) (Version: - SEIKO EPSON Corporation)
Epson XP-620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.23 - iolo technologies, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C2977600-0EBB-48EF-9EBB-65308E296944}) (Version: 6.1.6.0 - Husdawg, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04F74683-DE3C-463A-BD30-11029DD7EF9B} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {07029E3D-0F86-41C0-8ED3-4AEBDA7D3210} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {0FCC075C-5973-4199-BB6A-075E5C751F0D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {4088E77A-478D-4A81-B5A9-A25DB4635800} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {442416BE-DC7F-49A7-91C2-E8DB9E475824} - System32\Tasks\PocketCloudUpdater => C:\Program [Argument = Files (x86)\Wyse\PocketCloud\Updater.exe]
Task: {4DDF46AA-53A0-44AE-BF4B-2C2CC04276AE} - System32\Tasks\EPSON XP-620 Series Update {F1AD9835-296F-4BFF-B861-A84484581C9F} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {570CFF6F-E568-4965-8A6C-A2671B268184} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11] (Realtek Semiconductor)
Task: {5BB47F64-26CC-4639-AF7F-6C126644042B} - System32\Tasks\EPSON XP-620 Series Update {586CD628-8417-4BF1-BF13-0D0CC6139A5C} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {5E0A064F-F113-4BF4-A3CE-0C9648F019C5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {77C75934-8A83-4FB3-B033-78A721DC4456} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {8F3B11A2-E833-4805-B99E-75D4D3E0008C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-15] (Microsoft Corporation)
Task: {CE1B5D02-5FFE-4134-8A1B-442C7998A5D3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {FE43F60C-2FFE-4CAB-9072-19D5700FBC22} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-620 Series Update {586CD628-8417-4BF1-BF13-0D0CC6139A5C}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE:/EXE:{586CD628-8417-4BF1-BF13-0D0CC6139A5C} /F:Update WORKGROUP\UPSTAIRS2015$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-620 Series Update {F1AD9835-296F-4BFF-B861-A84484581C9F}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE:/EXE:{F1AD9835-296F-4BFF-B861-A84484581C9F} /F:Update WORKGROUP\UPSTAIRS2015$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-06-25 12:59 - 2014-03-12 14:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-06-25 12:59 - 2014-03-12 14:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-06-25 12:59 - 2014-03-12 14:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-06-25 13:15 - 2015-03-31 18:02 - 00392592 _____ () C:\Windows\system32\igfxTray.exe
2013-09-05 01:20 - 2013-09-05 01:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 01:24 - 2013-09-05 01:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-06-25 12:46 - 2013-12-09 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ImagePath"="C:\Program Files\Dell\Click 2 Fix\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\dell.com -> dell.com
IE restricted site: HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\facebook.com -> hxxp://www.facebook.com
IE restricted site: HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\twitter.com -> hxxp://twitter.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-09-19 13:38 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3412248325-257921828-2620446140-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{21D70745-015E-4CBF-87AF-ED0EBFBABD27}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{E33E6978-85D7-4F16-AEF8-6DE66F4CD30C}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{7EFC642B-F78B-469C-A6E0-473FCF363C4D}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{22BAF40F-0C4E-4BBE-96D9-5C3CC60D4686}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{76877A72-75AC-4951-AABA-4ABF1293B569}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{8C5585CB-01E9-4468-9014-BC89F2368029}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B02BB66A-96C0-47D3-AD07-2DD29DEAACD8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4F7662A-C2D4-4382-9603-65A6BAD00739}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{3FA380BB-A4CC-4A3D-9F91-466C321B514C}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{65C5FDB3-25BA-4AF3-9084-C8933770E1AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{63F6F9DD-8DB4-4FCA-AA49-963FD3E4B9DF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{A4E62220-12A2-485D-A523-6613EB449745}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{230BD2A6-F8ED-4D91-9B99-565DBDE57491}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{970B510D-1A98-4585-B876-16CCEEBF6970}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{B5C0E6AF-3C29-44E3-9702-F94A89A846F6}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{0D191D62-93C0-455A-93E3-8A77C54D258C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C5F01356-141A-48D1-BAE3-FC26E9AED4BD}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4C07CDE3-9200-413C-B262-0F79499E7D8B}C:\users\c\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Allow) C:\users\c\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe
FirewallRules: [UDP Query User{95063FE2-A81C-4E8C-B442-B51F803C26C6}C:\users\c\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe] => (Allow) C:\users\c\appdata\local\skypeplugin\7.15.0.49\pluginhost.exe
FirewallRules: [{23C855D1-74FF-4C86-A7A3-ADE6D5878E89}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{53527621-E1FE-4A0C-AEB9-697FEA41DBB9}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{7F8AD49C-7541-4A22-AE18-26E5C0A4E195}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{1484983F-CF14-45B8-A0F8-10EEA5391C88}] => (Allow) E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{BF4E8329-83E9-4C32-8465-291F1906789C}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{B424F884-E7E3-44AB-B526-52D2A0FAC49F}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{BF871CC6-0156-425F-8C49-51863B1FFDF6}C:\users\maide_000\appdata\local\temp\housecall\tmase\nmap\nmap.exe] => (Allow) C:\users\maide_000\appdata\local\temp\housecall\tmase\nmap\nmap.exe
FirewallRules: [UDP Query User{5C2CA3E9-5147-4593-BA05-C384A1F409AB}C:\users\maide_000\appdata\local\temp\housecall\tmase\nmap\nmap.exe] => (Allow) C:\users\maide_000\appdata\local\temp\housecall\tmase\nmap\nmap.exe
FirewallRules: [TCP Query User{74E32B66-0315-4467-AF18-CA1972AEA4FE}C:\users\c\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\c\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{F01C1C13-0202-40C9-B8F8-2B48B8CC918A}C:\users\c\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\c\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{2437F263-03EC-4FF5-A3A5-A4C2D521D0BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{076D9E5C-6D34-46DD-B85F-4D656CA897E1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E7427787-ADA9-4B33-9DFA-72B3F87B76F9}C:\users\maide_000\appdata\local\temp\housecall32\tmase\nmap\nmap.exe] => (Allow) C:\users\maide_000\appdata\local\temp\housecall32\tmase\nmap\nmap.exe
FirewallRules: [UDP Query User{16D15CAC-EB84-43A4-9F01-A59D9B07BD06}C:\users\maide_000\appdata\local\temp\housecall32\tmase\nmap\nmap.exe] => (Allow) C:\users\maide_000\appdata\local\temp\housecall32\tmase\nmap\nmap.exe
FirewallRules: [{E0F6AEA0-2AB7-40FA-BA49-427680BA54D2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4CA8E046-4F7A-400E-B8B3-0BE35400D59D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{38F0C94C-45CE-4102-BA76-A34BF7F7FF12}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{70F49442-1960-4F2A-BC4D-87B63C369633}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{99140B86-833B-428F-B10D-C4262E1A5B7F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3801EB83-74F0-4777-8CE4-4F8EDB2A1904}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{17D530E4-4124-480C-A1A8-BF72DFA4521F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{04CA8A68-11DF-4CD8-9428-8C6C66ACFEB1}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{DDC28F1B-99A6-4ADE-AFDD-EEB0C4E092C9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F1CADAD9-8A06-4F13-B4B3-3F0B093B6E94}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B2BCFF96-931E-44B5-96FC-9E6ADC740B61}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{577559AA-0C54-4067-95FB-F7CC2A367022}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{A8786DEC-CA39-49DC-BF95-481A71DBE739}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3FE725E7-F417-437C-AEB4-A508A6C7FEAA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{1643656A-AF2A-4DEA-B40B-7871ADFD37AB}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9B9B0982-6187-4775-93D7-B9266AB2B9E4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{70076FCB-AE12-4AA9-B8B3-9F58CF9D87C7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9218040C-B91F-4311-B4A6-157103E6123E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D293D78F-D39A-463B-9795-97D8216A8046}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{15314977-A0DA-443B-BE11-7D6EB1FD7C71}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9424261C-313C-4264-B565-A51DA51AEA58}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{AA418AF0-65B6-40E7-A827-C3F9697C425A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{266EF263-870B-437B-87A6-E68AD827CC01}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{C08B0CDE-99F6-46D6-BFD1-854EB1A569F6}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{247FB64D-FC5A-4F2A-ADD2-99637D4BA8DF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{00990E6C-2485-48C2-8228-1FAAB210C6E9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{27418CA1-F9B6-4493-B6BD-67A58D110D0B}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FF760C07-D43E-4738-85BA-4869987B0C75}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{13560D98-B3A3-418E-AF05-E2E4CCC53064}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{90E3BC83-B719-4045-A966-D509B2FAC0F8}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3AD80ABC-8531-443C-A268-05E9615918DF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B36219D2-1D3A-4AEF-B42D-7B1600DFCB3D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{721A66EA-04A6-4B8F-9D72-BAC92DBE66D4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{417E2A15-EBD0-4702-9338-217AF1680B67}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{DDF9E2F5-78EA-44E0-A5B8-0D2FBCA9A314}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{DB90D277-0E64-4A81-BCFE-85A9BDF2A72C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{A7B6A71C-F26A-48E5-9D3A-0C7E2162F432}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FCE6D106-80AB-41C6-9C66-CC2B0207F72C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{E3DFA925-573C-4F89-9B4F-15194EE3E038}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{19089B47-5162-4883-991E-7E385E34C92F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{6886E6E3-817F-467F-A5F8-C1CF8A92E993}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D9D2CF6C-F642-4403-9980-4BE208D9DD1F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2F63F7CE-7F58-4A43-B352-E390E7A81261}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4129D237-D61C-44DF-BE6F-6F11D65507DA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2B97937E-AF5B-4D66-B9D4-229875331DF7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{733CE09B-3BB6-4F5E-928A-4BD605CB00AF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{395F6974-4FB2-4EBD-A1E3-7D12ED86A556}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B7C9814B-42E3-4B14-89D9-1BF0B7A28586}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B4EB4A0A-D971-4012-8222-C1F368F0F67C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{8DA41F77-01A6-4EF4-9A02-6033301EFE1F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{79F099AB-2828-4810-A5F2-86BD8320EA15}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{1B86ED7F-9D15-49F3-99A6-8EEDD6CF59C4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B9353C13-3B22-47BE-90FB-DF4DC7D6A76F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F544AC2B-DB85-40C9-9B04-936B1A812C1E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F8B1EA1A-7351-4CC6-8E70-3FF6B62DC479}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{C2CDA3DB-1D2C-4DE4-8935-A307C9838B91}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FED86334-A447-43F1-9F78-6C33426728FE}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{AB03A733-4C52-4615-BAF7-001A40275792}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{81650CD1-9C41-4548-A1DB-6B808E2B0E1E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{E9A94BEC-A5C5-41FD-9B7F-CB868A297B01}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{6B3FB5B3-29A2-4E2E-9BD7-7B3A1CB0FB1A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2505FD83-42C6-43FF-A9BE-201263FB62F9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{BC2B7FF7-C2FE-4B23-8028-E982467CE4C0}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{02B54E30-73AB-4FB5-810F-4796E486541A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{42CCF15A-386F-46E9-97AB-7975EDFD7FEB}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B714A495-5E9C-4D37-889B-4C7B7B968C6D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{DCF077E8-967E-4B36-891A-B4A851545BDF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{11E7CC30-7EF9-4F3A-9712-E9B943B22830}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{45CF4081-1FE7-41FB-A7E7-2EDB7E25EE1D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{5989B6AF-3D0A-4D61-B85C-70F4223B409B}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FB5FACE9-8ED1-481C-BCBC-5304ACDEE583}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{A01C6250-B3E0-4782-A13C-34DCF1B5917D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FBCF0C28-21F5-4636-AA2D-04264DDE2E3C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{EA286826-F921-4E36-83B3-65BD9C3AA172}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{078B4F2D-F46D-4C54-8E39-15B2B5121CCF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{37313DCF-CF7D-403E-9B8B-CC1D45CA039E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{7BB7149B-CFCC-41DF-95EE-532CD4848318}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{21CED69E-5DFA-4711-9CF1-723A2493D782}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{FDFA4C4E-E7E3-4FCB-B457-48B10D9EDA5D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{AB5BABBE-7F2E-440D-AEBC-171CB5F56238}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{46CACF3D-1507-4D76-AB11-CDB991F1AE88}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{BE0BB0C9-FA03-41B4-BBDF-C9D27A0B21C9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{079A2A89-F159-44F3-BAA0-A8327A41D404}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{EBF8A933-6926-4C8D-9F98-1A73AB58C38F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D37C7B05-C335-4441-A2DA-27675A6EA57C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{91872891-8AB4-4D82-ABC8-11D7FEB9DC28}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{5D972EF2-A6E8-4BAB-AD7A-743E42EC0170}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{95982A24-4BF6-470B-990F-485D686EA58F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{0205AEBA-7DBD-435E-B3F9-CF1DEEB17D0E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{34EDBC95-B95B-4E1E-A3EC-5203A42F35E6}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{47A1635C-49F5-4626-A415-6A8BBE789486}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2BC5E9D6-FD4C-4055-983F-F930A1658B6A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{79568EE2-B490-49F4-9F28-BBA338D095D9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{32BA50EF-1825-493B-80AE-D2843C705C6A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{8041A875-A994-4054-8C8E-8A8E7ACE4D65}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{588A7C65-095F-4864-A32D-35AAD81DA0D2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2F6202BC-AEC2-4243-BD75-FF986A432FBE}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{82DAFBA5-6ED3-4B7F-BA48-AFD5701F67A9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{86114CDC-31FC-44DA-BE21-61AEEC5B5CB2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9F08E157-269E-4C61-BEAD-44D5ED497414}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{34291B74-06A2-469C-8381-023F70F2FA59}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4F2F4126-88A5-4D9D-8DEB-9F1EB17ECC6D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4BE58B20-7368-4460-A61E-08902869D23B}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{49B1E2C5-E495-4372-B3AD-567C86AEA1F7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{EDB96F48-C14C-4473-A874-9E35B617FC43}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{C44DD57E-4C36-440F-9441-8B6D402D8AD8}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{240162E8-9226-44A1-B802-E98D1F2C0F33}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D94F0176-C370-428C-9ABD-604C511110EF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{816DD666-88A5-4051-909B-EAD61C13A6DF}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3AF86A6C-CC70-4055-9056-529B5B514544}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{0041236B-4119-47B8-BAC8-D52197D0B638}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3B2F4035-5C51-4C78-A58F-8A5EE4A90A30}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{E733522D-C4BC-4A1B-8560-B9D99E8D9743}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F7FBE82E-0722-431A-ABCC-19F3602B372E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{7390C808-E637-41D3-A615-84134A61B0F9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{77490080-422D-4120-B9DC-E2DAD49BEE31}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{79F02A9C-8566-48D4-A469-8866F2A3FF29}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9B220414-D9AB-4394-9E1B-EEB5C456FB35}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F954D1D8-F090-48DF-B9FA-C95B7E4E3477}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4951560B-E113-45EC-8EDD-70EA91847185}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{35414F14-B8AB-465D-90D0-397813A1941B}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{DF4AFCA9-269A-43BA-A14C-C7C5B104E7B1}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F7DE81AA-E3A1-4BEC-9ED8-851011FEF0E7}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{34F5DF27-15B4-43D9-9201-9FDF2E5BEC1F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{3DA28860-C7E3-4169-B1F1-C34A20301C92}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B2478F8F-7840-41E6-BB31-64707C8655B3}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D66D3BF6-D70F-4E1F-912C-184E2BC5FFE4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4736C973-843E-498F-8610-BBDB3D3DEBF2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{7F01F7A4-D0A5-47E9-826B-D6C3DFBE0194}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\nmap\nmap.exe
FirewallRules: [{86D2F873-ABC9-420A-B881-1EFF4D95BC92}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{EF1C8F81-FB05-4040-8FC3-2377077C8E16}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{34E32A98-3D59-4785-B5E7-6A81A2C15B0E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{014D942E-E2E5-4BB9-AF6F-BF5830FF84A8}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{50DF9737-3FF1-44F6-A5F5-E2766025B75F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{669197D0-4C60-4A90-A3EB-8DCD1DFABAFA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{E406CBA3-726B-461B-83AE-620CA163A864}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F7267015-E770-47E7-BA87-51EE3D50E268}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{12591880-C73C-42BD-9800-7209C8F0206A}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{EADC3890-7987-4271-89A6-F1D3671B5CE2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{7B069C8D-8C1D-4E24-B3C3-B39AD21ED9A5}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{001759DB-E3AA-4F91-A1BB-020F522F5FC3}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D499EB42-63A7-42DA-870F-6E8B30CD4AD9}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{C8A2D9D4-9A84-4C08-AB39-03E492A6885D}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{0B02F8D0-F843-4E42-9A32-454CAF92A1AB}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{CF6CB596-762C-4A45-B43F-7FB5A0BB9BEA}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D62368D0-5D0A-4975-BBB5-A18C19C1102B}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{CD55EDB1-CBEE-4D28-8688-2B349FC7772C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{90D155ED-8E45-4BE8-ACA6-CC8CF0CC67E5}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{A7206D63-6146-4381-B977-6A331F6586CD}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{BBF7C3A6-5405-48A5-8382-508BC8480667}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{97B3EB0D-0C4E-44AE-AB88-7D34FEB3BB18}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{379D00EF-AC2E-437D-A15B-4636AED1EBB2}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{03C4C6F8-E626-4FCC-816F-77FBD3F2C87C}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{A9DC7173-C4D0-4DDA-8865-640B89BD8564}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D6BB46CF-155D-4C31-A737-02745631D6D4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{F72994BC-4B3C-4879-AA77-AB10B3E8E007}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{0D84630D-E882-4B65-9835-A3F3DE928AA3}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{1E60F67A-F351-4310-B355-1BA702E10242}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{44FF979A-8B64-4D8B-9EEC-76E22669C1D1}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{B39E039C-A86E-4B64-A802-9B72A97B5D66}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{2320CDCC-1869-4840-86EC-9CB373EEC1F0}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{C9D909CD-FA8A-4864-8256-896EAB6607D4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{190BDF0B-000D-49EB-A39E-017A0C2C1CB8}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{35E6D579-C5E4-4171-BA0E-7C577B489BF4}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{D5F6AEE5-B5AC-4C36-91FF-D831099F7D9F}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{4BBC3206-A13C-4D29-B120-A86CDE5FFC71}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe
FirewallRules: [{9E9B4C05-54D2-411A-9BE3-921CC5D89B9E}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\monitor_process.exe

==================== Restore Points =========================

05-11-2016 19:28:59 Scheduled Checkpoint
15-11-2016 15:43:54 Windows Update
20-11-2016 16:34:53 Installed WOT for Internet Explorer
20-11-2016 16:37:28 Installed WOT for Internet Explorer
21-11-2016 16:17:59 Removed Epson Event Manager
21-11-2016 16:20:16 Removed Epson Software Updater
21-11-2016 16:21:37 Removed EpsonNet Print
23-11-2016 17:14:03 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2016 07:12:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EPSDNAVI.EXE version 4.4.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1948

Start Time: 01d2483ac6088fbd

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNAVI.EXE

Report Id: 3c8482a8-b436-11e6-829d-f8bc129619e2

Faulting package full name:

Faulting package-relative application ID:

Error: (11/26/2016 04:58:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 敧氺湩慥⵲牧摡敩瑮琨潢瑴浯⌬㐰挹扤⌬㐰㐵扤㬩慢正牧畯摮爭灥慥㩴敲数瑡砭戻牯敤⵲潣潬㩲〣㔴搴⁢〣㔴搴⁢〣㌳㤷㬰潢摲牥挭汯牯爺执⡡ⰰⰰⰰㄮ
杲慢〨〬〬⸬⤱爠执⡡ⰰⰰⰰ㈮⤵昻汩整㩲牰杯摩䐺䥘慭敧牔湡晳牯⹭楍牣獯景⹴牧摡敩瑮攨慮汢摥昽污敳㬩潣潬㩲昣晦琻硥⵴桳摡睯〺ⴠ瀱⁸‰杲慢〨〬〬⸬㔲紩搮瑡灥捩敫⁲摴猠慰⹮捡楴敶愮瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬Ɽ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬⹤捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥搮獩扡敬Ɽ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥愮瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶⹲楤慳汢摥⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥愺瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶㩲潨敶Ⱳ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶孲楤慳汢摥ⱝ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬孤楤慳汢摥ⱝ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶愺瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶栺癯牥⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶⹲捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶⹲楤慳汢摥⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶㩲捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶㩲潨敶Ⱳ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶栺癯牥摛獩扡敬嵤⸬慤整楰正牥琠⁤灳湡愮瑣癩孥楤慳汢摥筝潣潬㩲昣晦戻捡杫潲湵ⵤ潣潬㩲〣㔴搴絢搮瑡灥捩敫⁲摴猠慰⹮汯筤潣潬㩲㤣㤹⹽慤整楰正牥琠⹨睳瑩档睻摩桴ㄺ㔴硰⹽慤整楰正牥琠敨摡琠㩲楦獲⵴档汩⁤桴捻牵潳㩲潰湩整絲搮瑡灥捩敫⁲桴慥⁤牴昺物瑳挭楨摬琠㩨潨敶筲慢正牧畯摮⌺敥絥椮灮瑵愭灰湥⹤慤整⸠摡ⵤ湯椠⸬湩異⵴牰灥湥⹤慤整⸠摡ⵤ湯椠摻獩汰祡戺潬正挻牵潳㩲潰湩整㭲楷瑤㩨㘱硰栻楥桧㩴㘱硰}. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/23/2016 07:10:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemCheckup.exe, version: 3.5.0.23, time stamp: 0x528aca72
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0022b9d2
Faulting process id: 0x1404
Faulting application start time: 0x01d245e72e59c7f6
Faulting application path: C:\Program Files (x86)\iolo\System Checkup\SystemCheckup.exe
Faulting module path: unknown
Report Id: 6edfe48e-b1da-11e6-829c-f8bc129619e2
Faulting package full name:
Faulting package-relative application ID:

Error: (11/23/2016 07:10:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemCheckup.exe, version: 3.5.0.23, time stamp: 0x528aca72
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02442c54
Faulting process id: 0x1404
Faulting application start time: 0x01d245e72e59c7f6
Faulting application path: C:\Program Files (x86)\iolo\System Checkup\SystemCheckup.exe
Faulting module path: unknown
Report Id: 6c4b78a5-b1da-11e6-829c-f8bc129619e2
Faulting package full name:
Faulting package-relative application ID:

Error: (11/23/2016 06:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1400) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00361.log.

Error: (11/23/2016 05:44:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DRScanner.exe version 2.1.0.1103 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11dc

Start Time: 01d245d9bddec28c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe

Report Id: 631c58fb-b1ce-11e6-829c-f8bc129619e2

Faulting package full name:

Faulting package-relative application ID:

Error: (11/23/2016 05:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SftService.exe, version: 3.0.0.24, time stamp: 0x52726044
Faulting module name: SDSSmartRepairTools.dll, version: 1.0.2.20, time stamp: 0x502356ac
Exception code: 0xc00001a5
Fault offset: 0x00067593
Faulting process id: 0x964
Faulting application start time: 0x01d245d9c91a1eba
Faulting application path: C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
Faulting module path: C:\Program Files (x86)\Dell Backup and Recovery\SDSSmartRepairTools.dll
Report Id: 07ab8bcf-b1cd-11e6-829c-f8bc129619e2
Faulting package full name:
Faulting package-relative application ID:

Error: (11/22/2016 06:56:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 敧氺湩慥⵲牧摡敩瑮琨潢瑴浯⌬㐰挹扤⌬㐰㐵扤㬩慢正牧畯摮爭灥慥㩴敲数瑡砭戻牯敤⵲潣潬㩲〣㔴搴⁢〣㔴搴⁢〣㌳㤷㬰潢摲牥挭汯牯爺执⡡ⰰⰰⰰㄮ
杲慢〨〬〬⸬⤱爠执⡡ⰰⰰⰰ㈮⤵昻汩整㩲牰杯摩䐺䥘慭敧牔湡晳牯⹭楍牣獯景⹴牧摡敩瑮攨慮汢摥昽污敳㬩潣潬㩲昣晦琻硥⵴桳摡睯〺ⴠ瀱⁸‰杲慢〨〬〬⸬㔲紩搮瑡灥捩敫⁲摴猠慰⹮捡楴敶愮瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬Ɽ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬⹤捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥搮獩扡敬Ɽ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥愮瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶⹲楤慳汢摥⸬慤整楰正牥琠⁤灳湡愮瑣癩⹥楤慳汢摥栺癯牥愺瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶㩲潨敶Ⱳ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬㩤潨敶孲楤慳汢摥ⱝ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶搮獩扡敬孤楤慳汢摥ⱝ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶愺瑣癩ⱥ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶栺癯牥⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶⹲捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶⹲楤慳汢摥⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶㩲捡楴敶⸬慤整楰正牥琠⁤灳湡愮瑣癩㩥潨敶㩲潨敶Ⱳ搮瑡灥捩敫⁲摴猠慰⹮捡楴敶栺癯牥摛獩扡敬嵤⸬慤整楰正牥琠⁤灳湡愮瑣癩孥楤慳汢摥筝潣潬㩲昣晦戻捡杫潲湵ⵤ潣潬㩲〣㔴搴絢搮瑡灥捩敫⁲摴猠慰⹮汯筤潣潬㩲㤣㤹⹽慤整楰正牥琠⹨睳瑩档睻摩桴ㄺ㔴硰⹽慤整楰正牥琠敨摡琠㩲楦獲⵴档汩⁤桴捻牵潳㩲潰湩整絲搮瑡灥捩敫⁲桴慥⁤牴昺物瑳挭楨摬琠㩨潨敶筲慢正牧畯摮⌺敥絥椮灮瑵愭灰湥⹤慤整⸠摡ⵤ湯椠⸬湩異⵴牰灥湥⹤慤整⸠摡ⵤ湯椠摻獩汰祡戺潬正挻牵潳㩲潰湩整㭲楷瑤㩨㘱硰栻楥桧㩴㘱硰}. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/21/2016 08:35:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5270

Start Time: 01d2446092a4a357

Termination Time: 15

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: f04c8dfe-b053-11e6-829b-f8bc129619e2

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (11/21/2016 07:59:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DRScanner.exe, version: 2.1.0.1103, time stamp: 0x58203e4e
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000374
Fault offset: 0x000e6054
Faulting process id: 0x8c8
Faulting application start time: 0x01d2436e239c8d12
Faulting application path: C:\Program Files (x86)\Trend Micro\DRScanner\DRScanner.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: db83e0fb-b04e-11e6-829b-f8bc129619e2
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/26/2016 04:58:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMI Performance Adapter service terminated with the following error:
Unspecified error

Error: (11/25/2016 01:29:30 AM) (Source: DCOM) (EventID: 10016) (User: UPSTAIRS2015)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user upstairs2015\maide_000 SID (S-1-5-21-3412248325-257921828-2620446140-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394). This security permission can be modified using the Component Services administrative tool.

Error: (11/24/2016 08:37:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (11/24/2016 05:42:39 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/23/2016 09:27:02 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/23/2016 05:42:59 PM) (Source: DCOM) (EventID: 10016) (User: UPSTAIRS2015)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user upstairs2015\maide_000 SID (S-1-5-21-3412248325-257921828-2620446140-1003) from address LocalHost (Using LRPC) running in the application container Microsoft.BingWeather_3.0.4.344_x64__8wekyb3d8bbwe SID (S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 05:35:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/23/2016 05:14:51 PM) (Source: DCOM) (EventID: 10010) (User: upstairs2015)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/23/2016 04:41:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NcdAutoSetup service.

Error: (11/23/2016 04:41:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.


CodeIntegrity:
===================================
Date: 2016-11-26 17:02:15.396
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:15.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:14.974
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:14.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:14.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:14.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:13.881
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:13.662
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:13.459
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-26 17:02:13.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G3240 @ 3.10GHz
Percentage of memory in use: 46%
Total physical RAM: 4012.95 MB
Available physical RAM: 2157.14 MB
Total Virtual: 5228.95 MB
Available Virtual: 3174.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.56 GB) (Free:857.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 87756EF3)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 04 December 2016 - 12:35 PM.


#4 Oh My!

  • Malware Response Instructor

Posted 04 December 2016 - 12:52 PM

Greetings Tiredmaiden and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

System Checkup 3.5

  • Reboot your computer
===================================================

AdwCleaner by Xplode

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
2016-11-14 14:06 - 2016-11-14 14:06 - 00487464 _____ C:\Users\C\AppData\LocalLow\Pre3637.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00214471 _____ C:\Users\C\AppData\LocalLow\Pre3C14.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00188168 _____ C:\Users\C\AppData\LocalLow\Pre3106.tmp
Task: {FE43F60C-2FFE-4CAB-9072-19D5700FBC22} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
FirewallRules: [{8C5585CB-01E9-4468-9014-BC89F2368029}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B02BB66A-96C0-47D3-AD07-2DD29DEAACD8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Tiredmaiden

Posted 04 December 2016 - 06:21 PM

Hello Gary, and thank you for your help.  My name is Coleen, and look forward ( :hello: nervously) to embark on this 'adventure' in troubleshooting with you!

 

System Checkup 3.5 has been removed.

 

Here are the contents of the AdwCleaner results:

 

# AdwCleaner v6.040 - Logfile created 04/12/2016 at 17:24:19
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-04.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : maide_000 - UPSTAIRS2015
# Running from : C:\Users\maide_000\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [924 Bytes] - [04/12/2016 17:24:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [1268 Bytes] - [04/12/2016 17:22:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1069 Bytes] ##########

 

JRT as follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by maide_000 (Administrator) on Sun 12/04/2016 at 18:04:43.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 0

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{61E6EFAD-C865-47BF-8B4D-C7589B127CDF} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/04/2016 at 18:05:52.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Bear with me on the next directive regarding FRST.  When you say "Run Fix in Normal or Safe Mode," are you asking me to run the scan in the same way as I did in my initial posts?  I had double-clicked on the desktop icon, and clicked on the "Fix" button...the dialogue box disappeared at that point, so I am not sure if I need to do something other than moving on to copying and pasting the code box contents, and so on.



#6 Oh My!

Posted 04 December 2016 - 09:00 PM

Greetings Coleen.

Sorry my instructions were confusing. You can run FRST in Normal Mode just as you did initially. I include Safe Mode for those who can't successfully boot into Normal Mode.

When you follow the steps you should end up with a fixlist.txt document on your desktop. After that has been completed you can right click on FRST.exe, select Run as administrator, then click fix. You should end up with a fixlog.txt document on your desktop. Copy and paste that information in your reply.
Gary
 

#7 Tiredmaiden

Posted 04 December 2016 - 09:55 PM

Nope Gary, your instructions aren't confusing...they seem fine for most but, ADD/other cognitive issues can make simple instructions, head-scratchers for me.

 

If done correctly, here is the fixlog.txt:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by maide_000 (04-12-2016 21:20:21) Run:1
Running from C:\Users\maide_000\Desktop
Loaded Profiles: C & maide_000 (Available Profiles: C & maide_000 & vette_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
2016-11-14 14:06 - 2016-11-14 14:06 - 00487464 _____ C:\Users\C\AppData\LocalLow\Pre3637.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00214471 _____ C:\Users\C\AppData\LocalLow\Pre3C14.tmp
2016-11-14 14:06 - 2016-11-14 14:06 - 00188168 _____ C:\Users\C\AppData\LocalLow\Pre3106.tmp
Task: {FE43F60C-2FFE-4CAB-9072-19D5700FBC22} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [Argument = /toaster]
FirewallRules: [{8C5585CB-01E9-4468-9014-BC89F2368029}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B02BB66A-96C0-47D3-AD07-2DD29DEAACD8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61E6EFAD-C865-47BF-8B4D-C7589B127CDF} => key not found.
HKCR\CLSID\{61E6EFAD-C865-47BF-8B4D-C7589B127CDF} => key not found.
C:\Users\C\AppData\LocalLow\Pre3637.tmp => moved successfully
C:\Users\C\AppData\LocalLow\Pre3C14.tmp => moved successfully
C:\Users\C\AppData\LocalLow\Pre3106.tmp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE43F60C-2FFE-4CAB-9072-19D5700FBC22} => key not found.
C:\Windows\System32\Tasks\iolo System Checkup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C5585CB-01E9-4468-9014-BC89F2368029} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B02BB66A-96C0-47D3-AD07-2DD29DEAACD8} => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8498404 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 150926250 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 38198 B
C => 854968 B
maide_000 => 78222703 B
vette_000 => 76484960 B

RecycleBin => 0 B
EmptyTemp: => 308.4 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:21:16 ====

 

As for the "Summary," believe it or not, never "zipped" before...fingers crossed!




#8 Oh My!

Posted 05 December 2016 - 09:17 AM

Hi Coleen.

Perfect from start to finish! :thumbsup2:

When was the last time you experienced a redirect?

Please do this now.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#9 Tiredmaiden

Posted 06 December 2016 - 01:41 AM

To answer your question regarding the last redirect, it was on 11/18/16.  After that, I posted here, and then did not use the Pc much...used other devices to check for responses.

 

Ran ESET which resulted in "No threats Found."

 

Results of Security Check as follows:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe  
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

 

With regard to how the computer is running, easy answer is fine.  However, when I look back at September (prior to my first topic posted here) the incidents of redirects and other odd behavior, had been sporadic for some time.  I would go a few weeks, and nothing, then on Sept 16th, I knew that it was not some 'fluke' and I posted for assistance and worked with "Jo."   (Additional info in my first post in this topic.)  When I look at the notes I scribbled (or screenshots taken,) the various redirects (including the fake Adobe update notifications,) began the evening the topic was closed...an odd "closed webpage" redirect as I was trying to go back to bleepingcomputer.  The next day was a scam security warning redirect, complete with audio, then things seemed fine for about 2 weeks, and spaced out another 2 or so weeks, etc.  For the "Adobe" redirects, I had sent them screenshots whenever they occurred as ongoing FYI.    And while they suggested seeking assistance here (was going to do so anyway,) the last response there, to me, indicated that there was likely something going on, and there were other suggestions made.  At that point, I wasn't going to make any move other than seek help here...not sure that anyone would agree with suggesting "installing Microsoft's Enhanced Mitigation Experience Toolkit..."    I limited use of this PC, and thought best to 'investigate' again, see if anything is found, and then decide on future fortification.   Also, had wondered since this had not been an everyday issue, that perhaps the issue was router related.  So, when it comes to how the PC is running after all troubleshooting, etc., I'm not sure that I would know all is okay, right away.  

 

I will be eager to hear your feedback when you feel the "all clear" whistle can be blown.



#10 Oh My!

Posted 06 December 2016 - 09:15 AM

No threats were found by ESET and your installed programs are up to date. It is possible to visit a website that has been compromised by malware and as a result the website causes the redirect rather than something on your computer. At this point there is nothing of concern on your computer, things look good.

Not much else we can do. Do you have any questions or concerns before I post some closing instructions/information?
Gary
 

#11 Tiredmaiden

Posted 06 December 2016 - 12:55 PM

Going back to post #4, where you instructed to copy & paste the contents of the code box, creating the fixlist.txt - "SearchScopes."  Was this in fact malware?  I did do some searching online, and while there were quite a few hits, I only go with sites I know, and amongst those, the answers people were given seemed vague at best.  Things along the line of 'if you want to remove it, do this....'  So between persons asking about it, and those giving answers, perhaps they didn't need to be told this is malware.

 

The second question I have (and boy this may be a very ignorant one) is about the results in the initial FRST scan results.  I looked them over, and found :

"Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx"

The reason it stood out, and the reason I ask, is because I steer clear of google, chrome, apple, amazon, social media sites (probably others can't think of at moment,) and wondered why I would be seeing anything "Chrome"?   Despite looking for some info, I am not clear on these "extensions."  I don't know if these are user generated and are not a problem.  It may mean nothing at all in the grand scheme of things but, because I have the question mark in my mind, I ask.

 

One last question, back in September, "Jo" had recommended downloading & using WOT.  I did so but shortly afterward I started to see on the internet mentions of WOT being a problem...various issues but mostly implying that it wasn't safe.  I did uninstall, as I was also looking into 'beefing' up my security and researching full security suites.  It seems like there are files still on the computer that are WOT related, so I am assuming that it didn't completely uninstall.  Do you have an opinion or advice regarding WOT? 

 

Other than these questions, I will await your closing instructions and continue to read through all the valuable information here at BC.  I have been digging in here in between postings, etc., and feel like this is probably the best "one-stop" resource for all things computing...rather than looking at other sites.  There is too much info out there.



#12 Oh My!

Posted 06 December 2016 - 05:50 PM

Greetings Coleen,

The SearchScopes do not have any URL addresses associated with them so I removed them.

Regarding Chrome, those are associated with Avira and are added at the time of program installation. I am assuming you installed Avira at some point even though it is no longer on your system. They could be deleted but they are doing no harm.

I don't use Web of Trust and I don't know much about it. Sorry I can't give you an opinion one way or the other. I really only see one file and it is benign.

If this doesn't answer your questions please let me know.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.

Edited by Oh My!, 06 December 2016 - 05:51 PM.

Gary
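
The point made in this reply (the SearchScopes entries were removed because nothing follows "URL =") can be checked against the fixlist and Fixlog posted earlier in the thread. The following is an added example, not part of the original posts and not FRST's own code; the parsing rules and function names are assumptions inferred from the log lines shown here, and the last fixlist line is constructed.

```python
import re
from collections import Counter

# First four lines: copied from the fixlist posted in this thread.
# Last line: constructed here, to show an entry that does carry a URL.
FIXLIST = r"""
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> DefaultScope {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKU\S-1-5-21-3412248325-257921828-2620446140-1003 -> {61E6EFAD-C865-47BF-8B4D-C7589B127CDF} URL =
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000000} URL = hxxp://search.example.invalid/?q={searchTerms}
"""

# Result lines copied from the Fixlog posted in this thread.
FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3412248325-257921828-2620446140-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61E6EFAD-C865-47BF-8B4D-C7589B127CDF} => key not found.
C:\Users\C\AppData\LocalLow\Pre3637.tmp => moved successfully
C:\Windows\System32\Tasks\iolo System Checkup => not found.
"""

SCOPE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>.*)$"
)


def parse_search_scopes(fixlist):
    """Return one dict per 'SearchScopes:' line: hive, guid, is_default, url."""
    scopes = []
    for line in fixlist.splitlines():
        m = SCOPE_RE.match(line.strip())
        if m:
            scopes.append({"hive": m["hive"], "guid": m["guid"],
                           "is_default": m["default"] is not None,
                           "url": m["url"].strip()})
    return scopes


def empty_url_scopes(fixlist):
    """Entries with nothing after 'URL =', the condition cited for removal."""
    return [s for s in parse_search_scopes(fixlist) if not s["url"]]


def classify(outcome):
    """Map a Fixlog outcome to a status. 'removed' is tested before 'moved'
    because 'removed successfully' contains the text 'moved successfully'."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "removed successfully" in o:
        return "removed"
    if "moved successfully" in o:
        return "moved"
    return "other"


def parse_fixlog(fixlog):
    """Return (target, status) for every 'target => outcome' line."""
    results = []
    for line in fixlog.splitlines():
        target, sep, outcome = line.strip().rpartition(" => ")
        if sep:
            results.append((target.strip('"'), classify(outcome)))
    return results


def outcomes_by_guid(fixlist, fixlog):
    """For each empty-URL scope GUID, count the Fixlog outcomes naming it."""
    results = parse_fixlog(fixlog)
    return {s["guid"]: Counter(st for tgt, st in results
                               if s["guid"].upper() in tgt.upper())
            for s in empty_url_scopes(fixlist)}


if __name__ == "__main__":
    for guid, counts in outcomes_by_guid(FIXLIST, FIXLOG).items():
        print(guid, dict(counts))
```

Several of the "key not found" results are consistent with the JRT log posted earlier, which reports deleting the same SearchScopes keys before the FRST fix ran.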
 

#13 Tiredmaiden

Posted 06 December 2016 - 07:20 PM

"Good News!" is certainly welcomed good news!!

 

Thank you for your time, patience and the overall assistance.  I can't say enough how much I (and probably every other weary Pc user,) appreciate what you, and all of the volunteers here do for those of us.  Your own "Ground Rules" are well stated, and  I do admit how awed I am with the amount of knowledge you have to have to do what you do :bowdown:, you make it easier for a less knowledgeable person like me, by being committed and reassuring.  Not what I see elsewhere on the web and call "uncomfortably intimidating." 

 

My work is not done as I fully intend to make the most of the further reading you provided. 

 

Thank you again, and I wish you the best of this holiday season!

 

 Coleen  



#14 Oh My!

Posted 06 December 2016 - 08:38 PM

Thank you Coleen.

Your kindness means a lot to me. I hope you never have to come back officially but if you do, know we are here to help.

My best to you as well.

Gary

#15 Oh My!

Posted 08 December 2016 - 09:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



